【知识】8月11日 - 每日安全知识热点

360安全客 安全知识 89833 4

http://p6.qhimg.com/t017313015b51e6034e.png

热点概要:CVE-2017-1000117:在Git中通过构造ssh://实现远程代码执行、使用Kerberoast破解Kerberos TGS Tickets – 利用Kerberos Compromise Active Directory域、卢森堡大公国物联网/智慧城市安全公司Netsnapper源码泄露,黑客在暗网叫卖14.33比特币、完美SAP渗透测试(Part 2):攻击场景、CVE-2017-3085:Adobe Flash Windows用户凭据泄漏漏洞、Salesforce 解雇在 Defcon 上演讲的安全研究员


国内热词(以下内容部分摘自http://www.solidot.org/ ):

Salesforce 解雇在 Defcon 上演讲的安全研究员

资讯类:

Git、SVN、Mercurial开源版本控制系统修复严重安全漏洞

http://www.esecurityplanet.com/threats/git-svn-and-mercurial-open-source-version-control-systems-update-for-critical-security-vulnerability.html 

传播NotPetya勒索软件的乌克兰人被捕

http://thehackernews.com/2017/08/ukraine-petya-ransomware-hacker.html 

CouchPotato:CIA黑客工具可实时远程监控视频流

http://thehackernews.com/2017/08/cia-hacking-tool-video.html 

暗网新闻:

卢森堡大公国物联网/智慧城市安全公司Netsnapper源码泄露,黑客在暗网叫卖14.33比特币

http://wallstyizjhkrvmj.onion/offer/4163 

https://www.netsnapper.com/ 

http://p7.qhimg.com/t0119b8c3992dcbca0f.png

技术类:

CVE-2017-1000117:在Git中通过构造ssh://实现远程代码执行

https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1466490.html 

SCM工具中的漏洞

http://blog.recurity-labs.com/2017-08-10/scm-vulns 

使用Kerberoast破解Kerberos TGS Tickets – 利用Kerberos Compromise Active Directory域

https://adsecurity.org/?p=2293 

完美SAP渗透测试(Part 2):攻击场景

https://erpscan.com/press-center/blog/perfect-sap-penetration-testing-part-2/ 

CVE-2017-3085:Adobe Flash Windows用户凭据泄漏漏洞

https://blog.bjornweb.nl/2017/08/flash-remote-sandbox-escape-windows-user-credentials-leak/ 

WTF is SafeFinder/OperatorMac campaign?

https://babyphd.net/2017/08/wtf-is-safefinderoperatormac-campaign/ 

FakeNet-NG:动态网络生成工具

https://github.com/fireeye/flare-fakenet-ng 

Plecost:Wordpress指纹识别工具(识别版本、插件,匹配已知漏洞)

https://github.com/iniqua/plecost 

awesome-windows-exploitation

https://github.com/enddo/awesome-windows-exploitation 

为什么说UAV遥测数据是网络/物理安全风险?

http://dronesec.xyz/2017/08/10/uav-telemetry-data-security-risk/ 

开发漏洞利用代码完成Blue Frost Security Ekoparty挑战

https://www.zerodayinitiative.com/blog/2017/8/9/the-blue-frost-security-challenge-an-exploitation-journey-for-fun-and-free-drinks 

Week of Evading Microsoft ATA Day 4:Silver ticket、Kerberoast、SQL Servers 

http://www.labofapenetrationtester.com/2017/08/week-of-evading-microsoft-ata-day4.html 

Blue Frost Security Ekoparty challenge #eko13 writeup

https://github.com/esanfelix/writeup/tree/master/bfs-eko13 

plasma:x86/ARM/MIPS交互式反汇编程序

https://github.com/plasma-disassembler/plasma 

np1sec:分布式多方通讯加密协议

https://equalit.ie/introducing-n1sec-a-protocol-for-distributed-multiparty-chat-encryption/ 

https://github.com/equalitie/np1sec

[教程]如何使用USB驱动USB Rubber Ducky

https://www.pentestingshop.com/pentesting/make-your-own-usb-rubber-ducky-using-a-normal-usb-stick/ 

BeRoot:Windows权限提升工具

https://github.com/AlessandroZ/BeRoot 

(完)